Abstract—Botnets are a source of harmful attacks today.
A lawbreaker may implant malware into victim machines using
botnets and, furthermore, employ fast-flux domain
technology to improve the lifetime and robustness of the botnets.
To circumvent detection of the command and control servers, a
set of bots is selected to redirect malicious communication and
hide that communication within normal traffic. Because
fast-flux domains are dynamic, a blacklist mechanism is not
efficient at preventing fast-flux botnet attacks, and it would be
time-consuming to examine the legitimacy of the domains of all
connections. Therefore, a lightweight method for detecting malicious
fast-flux domains is desired. Based on the time-space behaviors
of malicious fast-flux domains, the network behaviors of
domains are formulated in this study to reduce the time
complexity of modeling features. According to the
experimental results, the malicious fast-flux domains collected
from real networks are identified efficiently, and the
proposed solution outperforms the blacklists.
Index Terms—Botnet, fast-flux domain, malware, command
and control server.
Chia-Mei Chen is with the Department of Information Management,
National Sun Yat-sen University, Kaohsiung, Taiwan, R.O.C. (email:
cchen@mail.nsysu.edu.tw).
Sheng-Tzong Cheng and Ju-Hsien Chou are with the Department of
Computer Science and Information Engineering, National Cheng Kung
University, Tainan, Taiwan, R.O.C. (email: stcheng@mail.ncku.edu.tw,
p7896127@mail.ncku.edu.tw).
Cite: Chia-Mei Chen, Sheng-Tzong Cheng, and Ju-Hsien Chou, "Detection of Fast-Flux Domains," Journal of Advances in Computer Networks, vol. 1, no. 2, pp. 148-152, 2013.